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What is claimed is: 

I CLAIMS 

1 . A method for verifying, by a verifier, that a prover has access to a 
private key associated with a pubHc key Kp, the method comprising: 

the proVer sending an identification message to the verifier, the 
identification message\comprising an indication of an identity of the prover, the 
indication of the identity including an indication of Kp; 

performing an identification round, the identification round 
comprising: \ 

the verifier choosing a challenge Q and a padding string X; 

the verifier sending an initialization message to the prover, 
the initialization message comprising a disguised form Y produced by applying a 
public disguising fiinction to Q and X, Y being equal to Fp(Q,X); 

the proWer computing a random number R by applying a 
private disguising function Fm to Y, R being equal to Fv(Y); 

the pro\^r sending a commit message to the verifier, the 
commit message comprising \a disguised form of R produced by applying a 
function f to R, the disguised form of R being equal to f(R); 

the verifier sending a challenge message to the prover, the 
challenge message comprising th® challenge Q and the padding string X; 

the prover verifying that Y=Fp(Q,X); 

the prover sending a response message to the verifier, the 
response message comprising a response A, the response A satisfying a predicate 
relationship Pred(A,Q,f(R),Kp), wherein satisfying the predicate relationship 
provides an indication that the prover nas access to the private key; and 

the verifier verifying that A satisfies the predicate 
relationship Pred(A,Q,f(R),Kp); and \ 

the verifier determining that the prover has access to the private key 
based on a result of the performing step. \ 

2. A method according to claim R and also comprising: 
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subsequent to the prover verifying that Y=Fp(Q,X), using the value 
Fp(Q,X) instead the value Y of the verifier sending step in all subsequent 
operations using Y. 

3. A metftod according to claim 1 and wherein the performing step is 
performed iteratively a plurality of times, and 

the veiyfier determining step includes determining based on a 
plurality of results each associated with one of the plurahty of times that the 
performing step is performed. 

4. A method according to claim 1 and wherein the disguising function 
Fp comprises a one- wayl hash function. 



5. A method laccording to claim 3 and wherein the disguising function 
Fp comprises a one-way hash function. 

6. A method according to claim 1 and wherein the private disguising 
function Fv comprises a o le-way hash function. 

7. A method according to claim 3 and wherein the private disguising 
function Fv comprises a oiie-way hash function. 



8. 



A method a 



cording to claim 1 and wherein the public disguising 
function Fp comprises a public key dependent disguising function Fpp dependent, 
in part, on the public key Kip, and 



Y is equal to 
the prover 
Y=Fpp(Q,X,Kp). 



pp(Q,X,Kp), and 
verifying step comprises the prover verifying that 



9. A method acdording to claim 3 and wherein the public disguising 

function Fp comprises a public key dependent disguising function Fpp dependent, 
in part, on the public key Kpjand 



Y islequal to Fpp(Q,X,Kp), and 

the jprover verifying step comprises the prover verifying that 
Y=Fpp(Q,X,Kp). 



5 10. 



A method according to claim 1 and wherein the function f comprises 



modulo N. 
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A methodkccording to claim 3 and wherein the function f comprises 



11. 

modulo N. 



12. In a method ifor verifying, by a verifier, that a prover has access to a 

private key associated with a public key Kp, in which the method comprises the 
prover generating a randomlnumber R and communicating a disguised fomi of the 
random number R to the vermer, an improvement comprising: 

the prover gei^terating the random number R based on an input 
received from the verifier. 



13. A method accoMing to claim 12 and wherein the input received 
from the verifier includes a con\mitment to a future query, and 

20 the method also c4>mprises: 

the prover verifyii^, upon receipt of the future query, that the future 
query matches the commitment. 

14. A system for verifying access to a private key associated with a 
25 public key Kp, the system comprising: 

a verifier; and 

a prover comprising k disguising unit, 
wherein the prover isl operative to send an identification message to 
the verifier, the identification message comprising an indication of an identity of 
30 the prover, the indication of the identity including an indication of Kp, and 

the prover and the v&rifier together are operative to perform an 
identification round, the identification round comprising: 
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the verifier choosing a challenge Q and a padding string X; 
/ the Verifier sending an initialization message to the prover, 
the initialization message Comprising a disguised form Y produced by applying a 
public disguising function Rp to Q and X, Y being equal to Fp(Q,X); 
5 the prAver computing a random number R by applying a 

private disguising function Fy to Y in the disguising unit, R being equal to Fv(Y); 

the proyer sending a commit message to the verifier, the 
commit message comprising a disguised form of R produced by applying a 
function f to R, the disguised norm of R being equal to f(R); 
10 the verifier sending a challenge message to the prover, the 

challenge message comprising Ithe challenge Q and the padding string X; 

the prove:* verifying that Y=Fp(Q,X); 

the prove r sending a response message to the verifier, the 
response message comprising ;i response A, the response A satisfying a predicate 
15 relationship Pred(A,Q,f(R),Kp), wherein satisfying the predicate relationship 
provides an indication that the orover has access to the private key; and 

the verifier verifying that A satisfies the predicate 
relationship Pred(A,Q,f(R),Kp), and 

the verifier is operative to determine that 'the prover has access to the 
'the identification round. 
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20 private key based on a result c 



with a verifier for verifying access to a private key 



15. A prover for us e 

associated with a public key Kp, the prover comprising: 
a disguising unit, 

wherein the pr 3ver is operative to send an identification message to 
the verifier, the identification message comprising an indication of an identity of 
the prover, the indication of the identity including an indication of Kp, and 

the prover anl the verifier together are operative to perform an 
identification round, the ideniification round comprising: 
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the verifier choosing a challenge Q and a padding string X; 
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the verifier sending an initialization message to the prover, 
the initiaHzation message comprising a disguised form Y produced by applying a 
public disguising functionNpp to Q and X, Y being equal to Fp(Q,X); 

the prover computing a random number R by applying a 
5 private disguising function FV to Y in the disguising unit, R being equal to Fv(Y); 

the provbr sending a commit message to the verifier, the 
commit message comprising a disguised form of R produced by applying a 
function f to R, the disguised foiVn of R being equal to f(R); 

the verifier\sending a challenge message to the prover, the 
10 challenge message comprising the\challenge Q and the padding string X; 

the prover verifying that Y=Fp(Q,X); 

the prover sqnding a response message to the verifier, the 
response message comprising a response A, the response A satisfying a predicate 
relationship Pred(A,Q,f(R),Kp), vmerein satisfying the predicate relationship 
15 provides an indication that the prover has access to the private key; and 

the verifier verifying that A satisfies the predicate 
relationship Pred(A,Q,f(R),Kp), and I 

the verifier is operative Ito determine that the prover has access to the 
private key based on a result of the idmtification round. 
20 \ 
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